S3 bucket in different AWS account for serverless deployment than Lambda

We can’t leave the deployment.zip file on s3 bucket in the same account where we are deploying lambda via serverless framework due to a security concern.

We tried with maxdeploymentArtifact=0 to delete all zip files but apparently an artifact might be required for rollback purposes for cloudformation stack, so we can’t use this or it might get stuck forever in update_rollback_failed.

Is there a way we can keep our zip file in a bucket in a different AWS account?
or may be even password protect the file if the above is not possible?